How GRC calculated links work

An organization can use GRC calculated links to view connections between GRC records in a hierarchy that are not directly connected.

GRC provides a table structure that maintains all possible combinations of links and then links everything together in the hierarchy you create.

GRC uses these rules when calculating links:
  • Links are calculated between authority documents and policies, risks, and controls. These links are shown in forms, along with the method of connection, in addition to other related lists.
  • Links are calculated between controls, policies, and risks when rolling up control test results for authority documents, policies, and risks.
  • Authority documents and citations are at the top of the hierarchy. Control test definitions and control test instances provide data about the number of passing and failing control tests at all levels. Controls, policies, and risks are equal components. Links can go in any direction between these elements.
  • An authority document and its citations are treated as a single entity. A direct link to an authority document is the same as a direct link to the related citations. Components linked directly to citations are linked to the authority document with the calculated - direct link, created specifically for this purpose. Calculated links are only created to the authority document and not to the citations.
  • The system only creates links between components configured as pertinent. For example, if an authority document, a risk, and a policy are all linked together, and the risk is configured as not pertinent, the system cannot link the policy to the authority document when rolling up data for reporting.
  • Users cannot manually delete calculated links.
Figure 1. GRC element linking rules
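
The rules above can be modeled as a graph walk. The following is an added example, not ServiceNow code: it collapses citations into their authority document, records the method of connection, and refuses to traverse through a component configured as not pertinent. Assumptions: the record ids, the data layout, the `calculateLinks` and `entityOf` helpers, and the `direct` and `calculated` method labels are constructed for illustration (only `calculated - direct` is named on this page), and a user-created direct link to a non-pertinent record is assumed to remain visible.

```javascript
// Simplified model of the linking rules above; record ids and the data
// layout are constructed for illustration, not a ServiceNow schema.
const records = {
  AD1:  { type: 'authority_document', pertinent: true },
  CIT1: { type: 'citation', parent: 'AD1', pertinent: true },
  POL1: { type: 'policy',  pertinent: true },
  RSK1: { type: 'risk',    pertinent: false }, // configured as not pertinent
  CTL1: { type: 'control', pertinent: true },
  POL2: { type: 'policy',  pertinent: true },
};
// Direct (user-created) links, treated as undirected.
const directLinks = [['CIT1', 'POL1'], ['POL1', 'CTL1'], ['AD1', 'RSK1'], ['RSK1', 'POL2']];

// Rule: an authority document and its citations are a single entity.
const entityOf = (id) => (records[id].type === 'citation' ? records[id].parent : id);

function calculateLinks(authorityDocId) {
  const adjacency = new Map();
  const methods = new Map(); // component id -> method of connection
  const note = (id, viaCitation) => {
    // A true direct link is never downgraded by a link made through a citation.
    if (methods.get(id) !== 'direct') methods.set(id, viaCitation ? 'calculated - direct' : 'direct');
  };
  for (const [a, b] of directLinks) {
    const [ea, eb] = [entityOf(a), entityOf(b)];
    if (ea === eb) continue; // a citation linked to its own document
    for (const [x, y] of [[ea, eb], [eb, ea]]) {
      if (!adjacency.has(x)) adjacency.set(x, []);
      adjacency.get(x).push(y);
    }
    const viaCitation = a !== ea || b !== eb;
    if (ea === authorityDocId) note(eb, viaCitation);
    if (eb === authorityDocId) note(ea, viaCitation);
  }
  // Breadth-first walk: never pass through or land on a non-pertinent component,
  // and never continue into another authority document.
  const queue = [...methods.keys()].filter((id) => records[id].pertinent);
  const seen = new Set([authorityDocId, ...methods.keys()]);
  while (queue.length > 0) {
    for (const next of adjacency.get(queue.shift()) || []) {
      const r = records[next];
      if (seen.has(next) || !r.pertinent || r.type === 'authority_document') continue;
      seen.add(next);
      methods.set(next, 'calculated');
      queue.push(next);
    }
  }
  return Object.fromEntries(methods);
}
console.log(calculateLinks('AD1'));
```

In this sample, `POL2` is reachable only through the non-pertinent `RSK1`, so it gets no link to `AD1`; that gap is what to look for when a roll-up report shows fewer policies or controls under an authority document than expected.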